Baddies caught exploiting extensions bugs with perfect 10 scores on vulnerable Joomla websites

Summary

Security researchers have identified critical vulnerabilities in two Joomla extensions, iCagenda and Balbooa Forms, that are being actively exploited by attackers. These flaws, rated with perfect CVSS scores, affect numerous Joomla websites globally and pose a significant risk to site owners and users.

IFF Assessment

FOE

The discovery and active exploitation of critical vulnerabilities in widely used website extensions represent a direct threat to defenders, as it enables attackers to compromise websites.

Severity

10.0 Critical (AI Estimated)

The article mentions 'perfect 10 scores' for the vulnerabilities, indicating a maximum CVSS score due to critical severity, likely involving high attack vector, complexity, privileges, user interaction, and significant confidentiality, integrity, and availability impacts.

Defender Context

Defenders need to be vigilant about the security of their Joomla installations, prioritizing immediate patching or disabling of vulnerable extensions like iCagenda and Balbooa Forms. The active exploitation of these flaws highlights the ongoing risk from unpatched third-party components in web applications.

Read Full Story →